E.U. GDPR WEEKLY NEWS DIGEST: 28 August 2017

The GDPR goes into effect on 25 May 2018 and will affect every organization, anywhere in the world, that collects, processes or retains any “personally identifiable information” (PII) of European Union citizens. Recent news on GDPR:

IDC says GDPR will represent a $3.5bn (£2.7bn) annual opportunity for security and storage resellers. However, MSPs and resellers must of course become compliant themselves, which is no small task considering that in many cases they are handling and managing - and in some cases even processing - customer data.

Maria Pittordis, Partner and Head of Marine, Trade and Energy at Hill Dickinson, said: “The GDPR requires you to show how you comply with the principles by documenting the decisions you take about a processing activity. As well as an obligation to provide comprehensive, clear and transparent privacy policies.”

One company sure to be taking note of the new GDPR rules will be TalkTalk. The Information Commissioner’s Office (ICO) announced on Thursday that it has fined TalkTalk Telecom Group PLC £100,000 as it “failed to look after its customers’ data and risked it falling into the hands of scammers and fraudsters”.

Companies traditionally applied broad interpretations of consent and contractual duties, but this is no longer lawful under new GDPR restrictions (and trying to satisfy GDPR changes by implementing additional consent is repetitive and impractical). Controlled Linkable Data enables secondary data uses by satisfying alternate legal basis requirements under the GDPR by enforcing dynamic pseudonymisation and data protection by default to control the linkability of data.

Contributor Mark Goldin suggests: appoint a Data Protection Officer, who should be an expert on data protection law, business practices and technology, and data security; conduct an annual privacy impact assessment throughout the development lifecycle of a system, but especially before you start collecting data in the first place; strengthen datacenter security – both physical and technological; and get the right team together (internally and externally), as your suppliers and vendors must also comply.

The 7% growth from last year is attributed to continued data breaches and growing demands for application security testing within the infrastructure protection segment. With spending expected to grow up to $93 billion in 2018, security services will continue to be the fastest-growing segment among IT outsourcing, consulting and implementation services.

Alphabet Inc.’s Google has launched a website setting out how the search engine and internet giant intends to comply with GDPR. The site is intended to help businesses understand their options for ensuring they are ready for new stricter customer consent rules, mandatory data breach notice, and the potential for massive fines of up to the greater of 20 million euros ($25.5 million) or 4 percent of a company’s worldwide income.

In a blog on its website, nfpSynergy said that only 16 per cent of respondents to a GDPR survey it conducted in May “opted in to be asked to donate to future appeals” from a charity. The research concluded that there is “no getting away from the fact that GDPR is going to have a significant impact for charities” and would likely see “charities’ databases shrink and, as a consequence, incomes fall”.

Elizabeth Denham, the U.K.’s Information Commissioner, seems genuinely surprised that so many organisations think they need consent to process people’s personal data, and don’t seem to understand that other legal options, such as claiming a legitimate interest in processing data, are available. Unfortunately, guidance on legitimate interest isn’t due to be published until early next year, perilously close to the 25 May GDPR start date.

Tourism could reach 20% of Croatia’s GDP this year, bringing in revenue of 12 billion euros. However, tourism service providers know nothing about the new GDPR rules. Unnecessary collection and retention of copies of documents, information on children, home addresses – all this will have to disappear. The damage caused by media reports of irresponsible management of personal data could affect the entire Croatian tourism industry.

Rich Vining is a Sr. Product Marketing Manager for Data Protection and Data Governance Solutions at Hitachi Data Systems and has been publishing his thoughts on data storage and data management since the mid-1990s. The contents of this blog are his own.